[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] point of action
Well, first we have to figure out what this aspect of the RA is and then we can begin to answer what standards might support it. I think we're making progress on the former and then we'll see if the latter is straightforward or rocket science. Ken At 12:17 PM 8/17/2006, Danny Thornton wrote: >Whoops, a gremlin in my keyboard must have pressed the >send button while I was typing that last message. > >I would like to answer the following question in the >RA when describing Visibility and personal, group, and >global registries. > >At what point can we tell the implementation >architects that there will be standards and >technologies to support this aspect of the RA? > >Danny > > >--- Ken Laskey <klaskey@mitre.org> wrote: > > > OK for now. Hopefully the use of poa in the RA will > > clarify things > > or this is going to be a bear to write up for our > > audience. > > > > Ken > > > > At 11:37 AM 8/17/2006, Francis McCabe wrote: > > >The POA concept is a general concept that is not > > limited to services. > > >So, perhaps, that is what was going though Danny's > > mind -) > > >As to private vs public, we are going to get > > similar issues with the > > >Point of Decision and Point of Enforcement of > > policies. > > > > > >One important place for the POA in the RA is as the > > start of the > > >chain of events that lead to the real world effect. > > Another is that > > >the POA acts as one place were policies must be > > applied. (I cannot > > >make up my mind exactly how POA relates POD and > > POE.) Of course, this > > >is but one place where policies are applied in the > > RA. > > > > > >Frank > > >On Aug 17, 2006, at 8:15 AM, Ken Laskey wrote: > > > > > >>Where it fits in the RA is still my question. In > > the example in > > >>his earlier email, Danny says > > >> > > >>To draw another analogy for the point of action, I > > >>know your mind will be the point of action for > > >>processing this e-mail as you read the e-mail. > > The > > >>e-mail address and the english language is like a > > >>service interface. > > >> > > >>If this example aligns with your meaning, then > > isn't my mind part > > >>of the opaque implementation? [The jokes are > > altogether too > > >>obvious so first answer the question and later we > > can collect the > > >>best Ken-related responses in a follow-on thread. > > :-) ] > > >> > > >>Ken > > >> > > >>On Aug 17, 2006, at 11:01 AM, Francis McCabe > > wrote: > > >> > > >>>The action being referred to in a service > > interaction is not > > >>>really any private action. As you use a service > > to do something > > >>>then you are performing an action. (There may be > > consequential > > >>>events that follow that are internal.) That > > action has a point of > > >>>action. > > >>> > > >>>Note that with the action-at-a-distance analogy > > getting clarity on > > >>>when and where the action is performed may be > > quite important. For > > >>>example, if you send a message declaring that you > > have agreed to a > > >>>contract, from the service provider's PoV, it is > > not until it > > >>>'groks' the message that it considers that you > > have actually agreed. > > >>> > > >>>Frank > > >>> > > >>> > > >>>On Aug 17, 2006, at 7:24 AM, Ken Laskey wrote: > > >>> > > >>>>see below > > >>>> > > >>>>At 09:18 AM 8/17/2006, Rex Brooks wrote: > > >>>>>I hope no one is surprised if I quibble with > > this particular > > >>>>>definition, which comes close, in my opinion, > > but fall just > > >>>>>short of the mark. I take exception with the > > choice of using the > > >>>>>concept of force per se, though I do understand > > and agree with > > >>>>>the requirement of making "action" transitive. > > I would apply a > > >>>>>small bit of mental jiu jitsu on this > > definition, thus: > > >>>>> > > >>>>>Action: the application of 'intent' to achieve > > an effect by an > > >>>>>agent on an object. > > >>>>> > > >>>>>Thus, the application of "intent" applies > > equally well to > > >>>>>choosing to do "nothing" and allow > > inertia/momentum to achieve > > >>>>>an effect, > > >>>> > > >>>>but the application of nothing does not require > > an agent as the > > >>>>transferral entity if there is nothing to > > transfer, unless > > >>>>however you identify the agent as a way of > > establishing context > > >>>>for your intended nothing. > > >>>> > > >>>>>or to require action by some other agent to > > achieve, prevent or > > >>>>>allow an effect. In the study of heuristics, > > one of the least > > >>>>>well explored results is exactly this, the > > intentional refusal > > >>>>>to act per se, which, I contend, constitutes a > > decision, which > > >>>>>is, in and of itself, an action at a > > choice-point branching of a > > >>>>>decision-tree. > > >>>>> > > >>>>>BTW, this answers the last question below: Yes! > > and full > > >>>>>responsibility or culpability applies. Needless > > to say, this is > > >>>>>utterly critical to security. Choose not to > > apply a patch in > > >>>>>time, and you are caught holding the hot potato > > if bad things > > >>>>>happen to good systems. > > >>>> > > >>>>So the follow-up question is: what can be > > identified as the poa > > >>>>while still maintaining the SOA principle of > > opacity of the > > >>>>implementation of services and their underlying > > capabilities? > > >>>> > > >>>>>Cheers, > > >>>>>Rex > > >>>>> > > >>>>> > > >>>>> > > >>>>>At 7:55 AM -0400 8/17/06, Ken Laskey wrote: > > >>>>>>Some comments from Frank that didn't get back > > to the list: > > >>>>>> > > >>>>>>Ken: > > >>>>>> The POA *is* the action as it is applied. > > >>>>>> If the service is the glove, the POA is the > > iron fist:) > > >>>>>> > > >>>>>> Different people have different definitions > > of action, (try > > >>>>>>define:action in google). None of these > > definitions is all that > > >>>>>>satisfactory to me. > > >>>>>> My definition is adapted from John Sowa: > > >>>>>> > > >>>>>>Action: the application of force by an agent > > on an object with > > >>>>>>the intention of achieving an effect. > > >>>>>> > > >>>>>> I.e., its a kind of event. The POA is a > > characterization of > > >>>>>>that event. (One reason I like this definition > > is that is > > >>>>>>includes all human actions but excludes rocks > > rolling down the > > >>>>>>hill hitting other rocks.) > > >>>>>> > > >>>>>> The service interface is the > > characterization of what it means > > >>>>>>to perform an action. It is not the action > > itself though. > > >>>>>> > > >>>>>> Hope that this throws a little light on the > > matter. > > >>>>>>Frank > > >>>>>> > > >>>>>>Per Danny's response, I think he caught my > > question well with > > >>>>>>the final line of his response below: > > >>>>>> > > >>>>>>>One question > > >>>>>>>we can ask is can we identify a point of > > action > > >>>>>>>meaningful to the reference architecture that > > would > > >>>>>>>not have a service interface? > > >>>>>> > > >>>>>>Ken > > >>>>>> > > >>>>>> > > >=== message truncated === > > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com -- --------------------------------------------------------------------------------- / Ken Laskey \ | MITRE Corporation, M/S H305 phone: 703-983-7934 | | 7515 Colshire Drive fax: 703-983-1379 | \ McLean VA 22102-7508 / ----------------------------------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]